Stopping the new blackout threat

Co-ops are taking proactive steps to stop cyber threats

Security of the nation’s electric grid has received a lot of attention lately. National Geographic’s October 27th airing of “American Blackout,” a docudrama about a nationwide blackout following a cyber-attack may have been fiction, but the threat is real. Reports of high-profile hacking attempts on elec­trical facilities by parties foreign and domestic, mischievous and nefarious, keep making front-page news. In fact, according to the U.S. Department of Homeland Security, the energy sector was the target of more than 40 percent of all reported cyber attacks last year.

Illinois’ electric cooperatives are already taking cyber threats very ­seriously. They’ve formed an infor­mation technology (IT) ­working group and held meetings to share security issues and solutions. They’ve also worked closely with the University of Illinois’ (U of I) smart grid and cyber security engineers to perform cyber security audits. And they’ve consulted with the U of I, which is a partner with Dartmouth College, Cornell University, the University of California and Washington State University in a Department of Energy funded project called Trustworthy Cyber Infrastructure for the Power Grid.

Electric co-ops are being proactive about cyber security. However, co-op engineers and IT professionals ­realize this is an ever-evolving threat that requires continuous improvements to protect smart grid systems against new cyber threats.

In today’s heightened political landscape, some have suggested that onerous government mandates—as opposed to our existing system that provides flexibility to meet new threats—are necessary to protect the electric grid from cyber assaults. But it’s not certain more regulations will make us safer. Consider these points:

• Government mandates can’t keep pace with innovation. Utilities, like electric co-ops, are always ­deploying new technologies—and so are cyber criminals and terrorists. Top-down mandates, by their very nature, will only address known dangers; a ­command-and-control approach means we’ll always be fighting ­yesterday’s battle.

• “Gold plated” cyber security ­measures are not the answer. It’s possible to build a car that will survive any crash. But the cost of such a ­vehicle would be astronomical. Utilities need the latitude to ­balance risk and cost for the good of the consumer.

• Compliance is not a deterrent. For some, federal rules create a false sense of well-being. The reasoning goes like this: “If I’m following all of the cyber security regulations that apply to me, then my system must be secure.” However, ­bureaucracy can’t decree processes that address every ­contingency. And any com­placency opens the door to a possible cyber strike.

Continuous vigilance, ­innovation and improvement are the key ­ingredients to cyber security. Fortunately, Co-op Nation has taken a lead role on this issue. In ­addition to thousands of hours spent by electric co-ops helping the North American Electric Reliability Corporation (NERC), the nation’s grid ­watchdog, write Critical Infrastructure Protection standards, NRECA’s Cooperative Research Network (CRN) has developed the Guide to Developing a Cyber Security and Risk Mitigation Plan. This document — touted by the U.S. Department of Energy as a prime example for other utilities to follow (and endorsed by the head of grid security at IBM) — provides a set of scalable, online tools that can help electric co-ops strengthen their cyber security ­posture. While no one suggests it will prevent every possible act of “cyber-sabotage,” any step at ­mitigation means a significant leap toward better cyber security. As a result, we’ve offered the guide and template to ­others in the electric utility industry free of charge.

Jo Ann Emerson is President/CEO of the National Association of Rural Electric Cooperatives.

The bottom line is that over the past few years, our electric grid has become more secure because of joint public-private partnerships, such as those involving NERC. Meanwhile, electric cooperatives are working diligently to understand, mitigate, and respond to cyber events while strengthening the relationships essential to electric system protection. To this end, NRECA has discussed co-op leadership and concerns sur­rounding this subject in testimony before Congress and meetings with President Obama and U.S. Energy Secretary Ernest Moniz.

The perils posed by cyber attacks are real. But thanks to ­cooperative research and development and standards fashioned by electric utilities under the current voluntary, ­col­laborative NERC framework, we’ll be better armed to defend against this new cyber threat.

2 Responses to “Stopping the new blackout threat”

Just a note to say I hope you don’t run Jo Ann Emerson in your commentary section too often. Jo Ann has a lot of baggage. She ran for reelection in Missouri when she had no intention of serving a Congressional term. She is way outside the American political mainstream, only able to get elected to Congress in an ultra-conservative district by waiving red meat in front of her constituents. She is your problem now, but most of your readers are not particularly interested in hearing what Jo Ann has to say.

Thank you for comment. We publish commentaries from a diverse group of leaders. Jo Ann Emerson was commenting on the importance of cyber security, how co-ops are responding to this new threat, and how best to handle it in the future from a policy and regulatory prospective. It is a critical issue, one that is not going away and doesn’t have a simple or single solution. I’m sure we will be addressing it in the future and we won’t hesitate to publish Jo Ann’s comments on this issue or others when we think her comments contribute to solving problems.

Jo Ann Emerson was selected after a national search and recruitment process, which was completed by the NRECA board of directors. We appreciate her service to not just rural Missouri’s citizens while in Congress, but also to all the rural citizens she now serves through the electric cooperative and NRECA.

NRECA has chosen leaders from both sides of the political aisle, and NRECA and the co-op leaders across the country care more about effective leadership on rural issues than political affiliation.